Version 3.4 - Server Hash and recorded Password

[darren.nolan]

Howdy Everyone! (yay for first post).

 

I've just updated to the latest version. I'm impressed. I have a few enquires.

 

When WHMCS records the server hash, the hash is placed in my SQL database as plain text - it doesn't seem to be encrypted by any means (as oppose to using just a username and password, it encrypts it by a particular means). While this isn't life threatening, would be nice if it wasn't so "see-able" from using something like phpmyadmin (as anyone that gets into the SQL database could see the hash).

 

Secondly - I use firefox and it records my login details, username and password for logging into the admin panel of WHMCS. To my understand, as it does this and see <input type="name" name="username"> and <input type="password" name="password"> - it places my WHMCS username and password in there when using HASH. while I understand this also isn't a huge problem, just though some users might need to be aware that firefox does this to "help" (complicate) matters.

 

Has anyone else noticed these? Just thought I'd let someone know.

 

Cheers guys! Love the system.

Dazz